Internet of things: Finding security in the cloud

Technology Update: So what’s the best tool for implementing security and locking down our devices? The answer is the cloud. The cloud doesn’t have to be insecure or expensive; centralized data collection and management is the key to securing Internet of things devices.

08/01/2014


Cloud-based computing offers manufacturers specific advantages. Courtesy: Control EngineeringThe cloud has the potential to help, more than hurt, cyber security for connected devices, the Internet of things (IoT). With all of the talk about the security, or insecurity, of the IoT, there's one thing we can agree on: security is both complex and critical. In the next five years, the Internet will become a larger global connection of computers, as well as an interconnection of everyday devices collecting data on their surroundings. With over 20 billion connected devices estimated in use by 2020, information and data will become ubiquitous, and our future applications will easily gather data from any source.

So what's the best tool for implementing security and locking down our devices? The answer is the cloud. Some would have us believe that the cloud is insecure and expensive, but I'm here to tell you that both of those accusations are not true. In fact, centralized data collection and management is the key to securing IoT devices. 

Centralized management

When a company or individual is trying to manage thousands of devices independently, it's not going to be easy. One strategy for monitoring and securing connected devices is to centralize them; a central repository provides the ability to see how all devices are working, and allows a successful shift of security intelligence from each field or device into the cloud.

While the cloud may be an aggregated layer, it also delivers greater intelligence. In other words, rather than the cloud being a tempting target for hackers, it's very secure and can protect itself against attacks. The cloud delivers continuous monitoring of all devices and the capability to turn off web services with a click of a button so that the devices are no longer listening to the Internet-thereby mitigating risk. By shifting security from individual purpose-built devices to the cloud, you actually have more controls and functions over each individual device. Another benefit of the cloud is its cost-effectiveness: by deploying the right tools to predict malicious activities and identify patterns, security increases while cost decreases as individual devices can only do so little without driving huge costs. Many devices working together en masse in the cloud is "smart." 

Refrigerator attack

For example, if someone attempts to attack your connected refrigerator, you can monitor that activity from the cloud and mitigate the risk. If the cloud manager notices abnormal activity-such as a user logging in from a remote area-the refrigerator can quickly be disconnected from the Internet and refrain from sending out data.

This diagram shows the IoT device control channel flow. In this model, IoT devices report to a cloud service. Since the connection flow is from the device TO the cloud, there is minimal need for device management services to be running on the device expos

Another recent example is the Heartbleed vulnerability. Devices using OpenSSL were at risk; however, those devices running from a device cloud allowed you to turn off your web services and immediately disable your devices from listening on the Internet-therefore, the device was not exposed to the threat.

This process is very similar to what happens in an IT server room: when an attack on a computer or network server is exposed, there are tools that IT personnel are able to quickly deploy to combat the attack. In a cloud environment that is aggregating data, it is possible to look for the same warning signs and respond just as if it were a server. By connecting devices to the cloud, specialized protection is easy, accessible, and behind the scenes.

Another key factor tied to the IoT and the cloud is secure password protection. You should have one centrally managed password to best protect your devices. By using one central password, tools, auditability, and security are much more effectively managed in the cloud, which drives home the concept of identity. If someone gains access to the account, you are notified immediately and can lock down all devices. 

Cloud protection

Donald Schleede is senior information security engineer / CISSP, director, Device Cloud by Etherios Security Office, Digit International. Courtesy: Digi InternationalIt's not if, but when an Internet-connected device will be attacked. If you want real protection, you must connect your devices to the cloud. With the cloud, you have the technology and capabilities to freeze and lock out all devices that are under attack within seconds. The ability to remotely update security functions is one of the main benefits of cloud-connected hardware. If devices are connected to the cloud, a simple fix can be applied to ensure devices are secure. As the IoT continues to grow and develop, security must be considered at every point throughout the network. Connecting your device to the cloud fulfills this need and can be used to deliver security to your devices and keep data secure.

- Donald Schleede is information security engineer at Digi International. Edited by Mark T. Hoske, content manager, CFE Media, Control Engineering, mhoske@cfemedia.com.

ONLINE

www.controleng.com/archives in August has more information with the online version of this article.

Key concepts

  • As the Internet of Things expands, cyber security must be considered at every point. 
  • Connecting devices to the cloud can deliver security to your devices and keep data secure.

Consider this

Would the cloud-based tools described here help lower your device cyber security risk? 

ONLINE extra

Don Schleede: Donald "Don" Schleede, CISSP, is a senior information security engineer working for Digi International. He has held positions as a software developer, IT operations director, and IT security architect. Schleede's areas of expertise include Unix security, network security, and web application security. Today, he works with devices and the Internet of Things in conjunction with device cloud security.

About Digi International: Digi International combines machine to machine (M2M) products and services as end-to-end solutions to drive business efficiencies. Digi provides the industry's broadest range of wireless products, a cloud computing platform tailored for devices and development services to help customers get to market fast with wireless devices and applications. Digi solutions are tailored to allow any device to communicate with any application, anywhere in the world, the company said.

www.digi.com 



, , 08/02/14 08:44 AM:

I agree that “The cloud doesn’t have to be insecure or expensive; centralized data collection and management is the key to securing Internet of things devices.” but the security issues should not be ignored.
A recent report “Data Breach: The Cloud Multiplier Effect” by the Ponemon Institute reveals how the risk of a data breach in the cloud is multiplying. 66 percent of respondents say their organization’s use of cloud resources diminishes its ability to protect confidential or sensitive information and 64 percent believe it makes it difficult to secure business-critical applications.
Ponemon asked “Can a data breach in the cloud result in a larger and more costly incident?” and found that an average data breach cost of $2.37 million it could be as much as $5.32 million if the data is in the cloud. A data breach in the cloud can be 2x more costly.

The good news is that new cost effective data protection solutions can address this issue.

Gartner concluded that the “Emerging Technology” defined as “Cloud Data Protection Gateways” provides a “High Benefit Rating” and “offer a way to secure sensitive enterprise data and files stored in SaaS applications”.

I also read an interesting report from the Aberdeen Group about protecting PII and PCI data. The report revealed that “data tokenization users had 50% fewer security-related incidents (e.g., unauthorized access, data loss or data exposure than tokenization non-users)”.

Cloud Gateways that tokenize sensitive data looks like a promising approach for cloud security.

Ulf Mattsson, CTO Protegrity
The Engineers' Choice Awards highlight some of the best new control, instrumentation and automation products as chosen by...
The System Integrator Giants program lists the top 100 system integrators among companies listed in CFE Media's Global System Integrator Database.
The Engineering Leaders Under 40 program identifies and gives recognition to young engineers who...
This eGuide illustrates solutions, applications and benefits of machine vision systems.
Learn how to increase device reliability in harsh environments and decrease unplanned system downtime.
This eGuide contains a series of articles and videos that considers theoretical and practical; immediate needs and a look into the future.
Robot advances in connectivity, collaboration, and programming; Advanced process control; Industrial wireless developments; Multiplatform system integration
Sensor-to-cloud interoperability; PID and digital control efficiency; Alarm management system design; Automotive industry advances
Make Big Data and Industrial Internet of Things work for you, 2017 Engineers' Choice Finalists, Avoid control design pitfalls, Managing IIoT processes
This article collection contains several articles on the Industrial Internet of Things (IIoT) and how it is transforming manufacturing.

Find and connect with the most suitable service provider for your unique application. Start searching the Global System Integrator Database Now!

Big Data and bigger solutions; Tablet technologies; SCADA developments
SCADA at the junction, Managing risk through maintenance, Moving at the speed of data
Flexible offshore fire protection; Big Data's impact on operations; Bridging the skills gap; Identifying security risks
click me